| 197821 | 5.4 | MEDIUM Network | wpfront | scroll_top | The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sanitise or escape its Image ALT setting before outputting it in attributes, leading to an Authenticated Stored Cross-Site Scripting i… | CWE-79 Cross-site Scripting | CVE-2021-24564 | 2024-11-21 14:53 | 2021-08-23 |
| 197822 | 7.5 | HIGH Network | lifterlms | lifterlms | The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers a… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2021-24562 | 2024-11-21 14:53 | 2021-08-23 |
| 197823 | 5.4 | MEDIUM Network | veronalabs | wp_sms | The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wp_group_name" parameter before outputting it back in the "Groups" page, leading to an Authenticated Stored Cross-Site Scripting issue | - | CVE-2021-24561 | 2024-11-21 14:53 | 2021-08-23 |
| 197824 | 5.4 | MEDIUM Network | 3.7designs | project_status | The pspin_duplicate_post_save_as_new_post function of the Project Status WordPress plugin through 1.6 does not sanitise, validate or escape the post GET parameter passed to it before outputting it in… | CWE-79 Cross-site Scripting | CVE-2021-24558 | 2024-11-21 14:53 | 2021-08-23 |
| 197825 | 7.2 | HIGH Network | nimble3 | m-vslider | The update functionality in the rslider_page uses an rs_id POST parameter which is not validated, sanitised or escaped before being inserted in the SQL query, therefore leading to SQL injection for users… | - | CVE-2021-24557 | 2024-11-21 14:53 | 2021-08-23 |
| 197826 | 6.1 | MEDIUM Network | email-subscriber_project | email-subscriber | The kento_email_subscriber_ajax AJAX action of the Email Subscriber WordPress plugin through 1.1 does not properly sanitise, validate and escape the submitted subscribe_email and subscribe_name POST… | CWE-79 Cross-site Scripting | CVE-2021-24556 | 2024-11-21 14:53 | 2021-08-23 |
| 197827 | 8.8 | HIGH Network | roosty | diary-availability-calendar | The daac_delete_booking_callback function, hooked to the daac_delete_booking AJAX action, takes the id POST parameter which is passed into the SQL statement without proper sanitisation, validation or… | - | CVE-2021-24555 | 2024-11-21 14:53 | 2021-08-23 |
| 197828 | 7.2 | HIGH Network | freelancetoindia | paytm-pay | The Paytm – Donation Plugin WordPress plugin through 1.3.2 does not sanitise, validate or escape the id GET parameter before using it in a SQL statement when deleting donations, leading to an authent… | - | CVE-2021-24554 | 2024-11-21 14:53 | 2021-08-23 |
| 197829 | 7.2 | HIGH Network | timeline_calendar_project | timeline_calendar | The Timeline Calendar WordPress plugin through 1.2 does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL… | - | CVE-2021-24553 | 2024-11-21 14:53 | 2021-08-23 |
| 197830 | 7.2 | HIGH Network | simple_events_calendar_project | simple_events_calendar | The Simple Events Calendar WordPress plugin through 1.4.0 does not sanitise, validate or escape the event_id POST parameter before using it in a SQL statement when deleting events, leading to an auth… | - | CVE-2021-24552 | 2024-11-21 14:53 | 2021-08-23 |